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This listing of claims replaces all prior versions, and 
listings of claims in the instant application: 

Listing of Claims: 

1. (Currently Amended) A method for managing 
identification in a data communications network, the method 
comprising: 

receiving a portable user-controlled secure storage 
device; 

! enrolling a user of said portable user- control led 

secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage 
device to release said user dat.a; and 

using said user data , from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 

2. (Currently Amended) A method for managing 
identification in a data communications network, the method 
comprising: 

receiving a portable user -control led secure storage 
device; 

enrolling a user of said portable user -control led 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling, 
*%!E£ai!^.* said user data comprising a first portion and a second 
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portion, said first portion comprising a cryptogram 
computed based on said second portion; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user- control led secure storage 
device to release said user data; and 

using said user data , from said portable user- 
controlled secure storage, at a service provider network 
site to obtain a service. 



3. (Previously Presented) A method for managing 
identification in a data communications network, the method 
comprising: 

presenting an identity credential request and data to 
be stored to a federated identity server via a client 
host; 

receiving an identity credential in response to said 
identity credential request, said identity credential 
comprising a randomized ID and an identification authority 
ID, said federated identity server capable of verifying 
the truthfulness, accuracy and completeness of said data 
to be stored; 

presenting a service request and said identity 
credential to a service portal, said service portal 
configured to issue an authentication request to said 
federated identity server; 

receiving a logon credential in response to said 
service request, said login credential comprising an 
indication of the client host used by the user; and 

using said logon credential to obtain a service from 
a service provider accessible via said service portal. 
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4. (Currently Amended) A program storage device readable 
by a machine, embodying a program of instructions executable by 
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the machine to perform a method for managing identification in 
a data communications network, the method comprising: 

receiving a portable user-controlled secure storage 
device; 

enrolling a user of said portable user-controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling; 

storing said user data in said portable user- 
controlled secure storage device; 

enabling said portable user-controlled secure storage 
device to release said user data; and 

using said user dat a, from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 
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5. (Currently Amended) A program storage device readable 
by a machine, embodying a program of instructions executable by 
the machine to perform a method for managing identification in 
a data communications network, the method comprising: 

receiving a portable user-controlled secure storage 

device; 

enrolling a user of said portable user- controlled 
secure storage device with an authority network site, said 
enrolling comprising providing information requested by 
said authority network site; 

receiving user data in response to said enrolling, 
said user data comprising a first portion and a second 
portion, said first portion comprising a cryptogram 
computed based on said second portion; 

storing said user data in said portable user- 
controlled secure storage device; 
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enabling said portable user-controlled secure storage 
device to release said user data; and 

using said user data , from said portable user- 
controlled secure storage device, at a service provider 
network site to obtain a service. 

6. (Previously Presented) A program storage device 
readable by a machine, embodying a program of instructions 
executable by the machine to perform a method for managing 
identification in a data communications network, the method 
comprising: 

presenting an identity credential request and data to 
be stored to a federated identity server via a client 
host; 

receiving an identity credential in response to said 
identity credential request, said identity credential 
comprising a randomized ID and an identification authority 
ID, said federated identity server capable of verifying 
the truthfulness, accuracy and completeness of said data 
to be stored; 

presenting a service request and said identity 
credential to a service portal, said service portal 
configured to issue an authentication request to said 
federated identity server; 

receiving a logon credential in response to said 
service request, said login credential comprising an 
indication of the client host used by the user; and 

using said logon credential to obtain a service from 
a service provider accessible via said service portal. 
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7. (Currently Amended) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising: 
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means for receiving a portable user -control led secure 
storage device; 

means for enrolling a user of said portable user- 
controlled secure storage device with an authority network 
site, said enrolling comprising providing information 
requested by said authority network site; 

means for receiving user data in response to said 
enrolling; 

means for storing said user data in said portable 
user-controlled secure storage device; 

means for enabling said portable user-controlled 
secure storage device to release said user data; and 

means for using said user data , from said portable 
user-controlled secure storage device, at a service 
provider network site to obtain a service. 



8. (Currently Amended) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising; 

means for receiving a portable user-controlled secure 
storage device; 

means for enrolling a user of said portable user- 
controlled secure storage device with an authority network 
site, said enrolling comprising providing information 
requested by said authority network site; 

means for receiving user data in response to said 
enrolling, said user data comprising a first portion and a 
second portion, said first portion comprising a cryptogram 
computed based on said second portion; 

means for storing said user data in said portable 
user -control led secure storage device; 

means for enabling said portable user-controlled 
secure storage device to release said user data; and 



CUHN1SON. MtKAV A 

HODCSOK.UJ. 
CtnfeD V» Off* i FUn 
1900 OndcB Roa& SnM 2» 
Monwcy.CAMHO 
(l)t)*5J-CMC 



Page 6 of 18 



Appl. No. 10/040,293 
Amdt. dated March 1, 2006 

Reply to Advisory Action of February 2, 2006 



means for using said user data , from said portable 
user- control led secure storage device, at a service 
provider network site to obtain a service. 

9. {Previously Presented) An apparatus for managing 
identification in a data communications network, the apparatus 
comprising: 

means for presenting an identity credential request 
and data to be stored to a federated identity server via a 
client host; 

means for receiving an identity credential in 
response to said identity credential request, said 
identity credential comprising a randomized ID and an 
identification authority ID, said federated identity 
server capable of verifying the truthfulness, accuracy and 
completeness of said data to be stored; 

means for presenting a service request and said 
identity credential to a service portal, said service 
portal configured to issue an authentication request to 
said federated identity server; 

means for receiving a logon credential in response to 
said service request, said login credential comprising an 
indication of the client host used by the user; and 

means for using said logon credential to obtain a 
service from a service provider accessible via said 
service portal . 



10 ♦ (Cancelled) 
11. (Cancelled) 



CUIWISON. McKAV ft 

HODCSOH, Ll_f. 
GsftnWcdOfficima 
1900 Cjflks Boa*. S&il* 270 
Moouny-CAWWO 
(i)i)«i4wo 

F«(t3t)«SS4ttS 



12 . (Currently Amended) A method for protecting privacy 
on a data communications network, the method comprising: 
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storing user logon information for at least one 
service provider server on a portable user -control led 
secure device, said at least one service provider server 
comprising at least one network server that is capable of 
providing a service to a user; and 

logging on to said portable user-controlled secure 
device, said logging on providing access to said at least 
one service provider server. 



13. (Cancelled) 



14. (Cancelled) 



15. (Currently Amended) An apparatus for protecting 
privacy on a data communications network, the apparatus 
comprising: 

means for storing user logon information for at least 
one service provider server on a portable user-controlled 
secure device, said at least one service provider server 
comprising at least one network server that is capable of 
providing a service to a user; and 

means for logging on to said portable user-controlled 
secure device, said logging on providing access to said at 
least one service provider server. 

16. (Cancelled) 



17. (Cancelled) 



CUNMSO* McKAVA 

HODGSON. LLP. 
Ginfcn Wca Otikc tUn 
1900 Cedes Bead fate J» 
Moourcy. CA W40 



18 . (Currently Amended) An apparatus for protecting 
privacy on a data communications network, the apparatus 
comprising: 

means for storing user logon information for at least 
one service provider server on a portable user-controlled 
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secure device, said at least one service provider server 
comprising at least one network server that is capable of 
providing a service to a user; and 

means for logging on to said portable user-controlled 
secure device, said logging on providing access to said at 
least one service provider server. 

19. (Original) A memory for storing data for access by 
an application program being executed on a data processing 
system, comprising : 

a data structure stored in said memory, said data 
structure including a bit-mapped field associated with a 
data communications network user, the value of each bit in 
said field determined by whether said user is a member of 
a group associated with said bit, the mapping for between 
bits in said field and membership in a group maintained by 
an aggregation authority. 
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